Chapter 1 Information Collection
1.1 Website Information Collection (1)
A website is the public face of an organization or group. It is exposed directly on the Internet to serve visitors, or is used by companies and groups to carry out their business, so website security is especially important. At some point, "breaking into websites" and "defacing websites" became a contest that intruders use to prove their skill.
1.1.1 Related Knowledge
1. IP Address
An IP address identifies a computer on the Internet. Every computer on the Internet must have its own IP address. A computer can have more than one IP address, but one IP address cannot be assigned to more than one computer on the same network at the same time. This holds whether the address is assigned automatically by the Windows system, leased dynamically by a DHCP server, or configured statically from an address that has been allocated. These rules are laid down by the IP protocol. The IP address format in general use today is defined by IPv4 (version 4 of the IP protocol).
2. Some Website Knowledge
The website discussed here is a Web server, also called an HTTP server. It serves content over the Hypertext Transfer Protocol (HTTP), and its pages are written in the Hypertext Markup Language (HTML). Hypertext is a way of organizing information that matches how people think: "hot links" tie together different media, such as text, images, audio, and video. Website services include web browsing, software downloads, online video, search engines, and e-commerce platforms.
Tip: the website development process is as follows.
First, the web designer builds the pages with web design software such as Dreamweaver or FrontPage. Then the site is set up on dedicated web server software such as IIS or Apache. Once everything is ready, the website administrator applies to the relevant registrar for a domain name and publishes the site.
3. IP Address Allocation
As mentioned above, every computer on the network must have its own IP address. How are address conflicts between computers avoided? IP addresses are managed centrally by the IP address management organizations and allocated level by level. For example, if the global IP address authority assigns the address block 1.0.0.0 to China, the Chinese IP address management organization can split that block among lower-level organizations, for example assigning 1.1.0.0. The block is divided level by level until an address is assigned to each individual computer.
Note that the following IP address ranges do not need to be applied for from an IP address management organization, but they may only be used on an intranet (they are not routed on the public Internet), and within one intranet the same address still must not be assigned to two different hosts:
- 10.x.x.x (10.0.0.0/8)
- 172.16.x.x to 172.31.x.x (172.16.0.0/12)
- 192.168.x.x (192.168.0.0/16)
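The following is an added example, not code from the original text: it classifies IPv4 addresses against the three private ranges listed above using explicit prefix-mask arithmetic, so that the /12 boundary of the 172.16.0.0 block (172.31.255.255 is private, 172.32.0.1 is not) is handled exactly, and it flags the duplicate-assignment conflict the paragraph warns about. The host inventory in the block is constructed for illustration.

```python
# Added example (not from the original text): classify IPv4 addresses against the
# RFC 1918 private ranges listed above and detect duplicate assignments.

# Private ranges from the list above, written as (network, prefix length).
PRIVATE_RANGES = (
    ("10.0.0.0", 8),      # 10.x.x.x
    ("172.16.0.0", 12),   # 172.16.x.x - 172.31.x.x
    ("192.168.0.0", 16),  # 192.168.x.x
)


def ip_to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer; reject malformed input."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % dotted)
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError("non-numeric octet in %r" % dotted)
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | octet
    return value


def in_network(ip, network, prefix_len):
    """True if ip falls inside network/prefix_len (compare the masked prefixes)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return (ip_to_int(ip) & mask) == (ip_to_int(network) & mask)


def is_private(ip):
    """True for RFC 1918 addresses: no allocation needed, but intranet-only."""
    return any(in_network(ip, net, plen) for net, plen in PRIVATE_RANGES)


def find_duplicates(hosts):
    """Return addresses assigned to more than one host (a conflict on one intranet).

    hosts: iterable of (hostname, ip) pairs.
    """
    seen = {}
    for name, ip in hosts:
        seen.setdefault(ip, []).append(name)
    return {ip: names for ip, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    inventory = [("fileserver", "192.168.1.10"), ("printer", "192.168.1.10"),
                 ("gateway", "172.31.255.254"), ("vpn", "172.32.0.1"),
                 ("web", "1.1.0.5")]
    for name, ip in inventory:
        print("%-11s %-16s %s" % (name, ip, "private" if is_private(ip) else "public"))
    print("conflicts:", find_duplicates(inventory))
```

The mask arithmetic matters for the middle range: a check written as "second octet between 16 and 31" works for this one case, but the prefix comparison generalizes to any block you might add later.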
4. Common DOS Commands
(1) Querying the local IP address
Step 1: Open an MS-DOS window.
On Windows 9x, select Start > Run and enter command, as shown in Figure 1-1.
On Windows 2000/XP/2003, select Start > Run and enter cmd, as shown in Figure 1-2.
Figure 1-1 Figure 1-2
Step 2: Query the local IP address.
On Windows 9x, run the winipcfg command; the window shown in Figure 1-3 opens.
Figure 1-3
On Windows 2000/XP/2003, run the ipconfig command, as shown in Figure 1-4.
Figure 1-4
(2) Overview of the ping command
The ping command is one of the network commands intruders use most. It is built on the Internet Control Message Protocol (ICMP): it sends an ICMP echo request packet to the target host and waits for the echo reply, and from that reply learns some properties of the host. It has something of the flavor of "throwing a stone to find the way". The principle is simple, but the command is widely used. With it an intruder can test whether the target host is alive and resolve the target's host name; combined with the arp command it reveals the target's MAC address when the target is on the same local network; the TTL in the reply can be used to infer the target's operating system; and floods of ping packets have even been used to mount DDoS attacks.
The syntax of the ping command:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
     [-r count] [-s count] [[-j host-list] | [-k host-list]]
     [-w timeout] destination-list
Common parameters:
-t: ping the host continuously until stopped with Ctrl+C.
-a: resolve the IP address to a host name.
-n count: the number of echo requests to send.
-i TTL: set the Time To Live of the outgoing ICMP packet, that is, the maximum number of router hops it may cross before being discarded.
Here are two examples.
Testing whether the target host is alive.
Command format: ping <host IP address>
C:\>ping 192.168.245.130
Pinging 192.168.245.130 with 32 bytes of data:
Reply from 192.168.245.130: bytes=32 time=10ms TTL=1
Reply from 192.168.245.130: bytes=32 time<1ms TTL=1
Reply from 192.168.245.130: bytes=32 time<1ms TTL=1
Reply from 192.168.245.130: bytes=32 time<1ms TTL=1
Ping statistics for 192.168.245.130:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 10ms, Average = 2ms
The reply line "Reply from 192.168.245.130: bytes=32 time=10ms TTL=1" shows that the target host answered, so 192.168.245.130 is alive. The following result is the opposite:
C:\>ping 192.168.245.130
Pinging 192.168.245.130 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.245.130:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result "Request timed out." means that no reply arrived: the target host is offline, unreachable, or protected by a firewall that drops ICMP. Note that a missing reply does not prove the host is down; a host that blocks ping may still be running other services. Either way, such a host gives the intruder much less to work with from ping alone.
Using the ping command to detect the operating system.
Different operating systems use different default TTL values, and the value shows up in the ping reply. See Table 1-1.
Table 1-1 Default TTL values returned to ping by different operating systems

Operating System            Default TTL
UNIX                        255
Windows 95                  32
Windows NT/2000/2003        128
Compaq Tru64 UNIX 5.0       64
An intruder can therefore estimate the target's operating system from the TTL in the reply. Because every router on the path decrements the TTL by one, the observed value is usually somewhat below one of the defaults in the table; the initial value is recovered by rounding up to the nearest default (32, 64, 128 or 255), and the difference is the number of hops. The guess is only a heuristic. To frustrate this kind of information gathering, a network administrator can change the default TTL, on Windows via the DefaultTTL value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters in the registry.
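The following is an added example, not code from the original text. It ties together the two ping passages above: it parses Windows-style ping output like the two listings shown (including the sub-millisecond "time<1ms" form and "Request timed out." lines), reports liveness and packet statistics, and applies the TTL heuristic of Table 1-1 by rounding the observed TTL up to the nearest default and counting the hops. The three ping outputs embedded in the block are constructed for this example, not captured from real hosts; the note that 64 is also the Linux default is an addition to the table.

```python
# Added example (not from the original text): parse Windows ping output and apply
# the Table 1-1 TTL heuristic. Sample outputs are constructed, not real captures.
import re

# Table 1-1, keyed by default initial TTL. 64 is also the Linux default, which the
# table predates.
DEFAULT_TTLS = {
    32: "Windows 95",
    64: "Compaq Tru64 UNIX 5.0 (also Linux)",
    128: "Windows NT/2000/2003",
    255: "UNIX",
}

# Matches both "time=10ms" and Windows' sub-millisecond form "time<1ms".
REPLY_RE = re.compile(r"Reply from (\S+): bytes=(\d+) time([<=])(\d+)ms TTL=(\d+)")


def parse_reply(line):
    """Return the fields of one reply line, or None for timeouts and other lines."""
    m = REPLY_RE.search(line)
    if not m:
        return None
    host, nbytes, op, rtt, ttl = m.groups()
    # "time<1ms" counts as 0 ms, which is how Windows computes its Minimum/Average.
    return {"host": host, "bytes": int(nbytes),
            "rtt_ms": 0 if op == "<" else int(rtt), "ttl": int(ttl)}


def guess_initial_ttl(observed):
    """Each router hop decrements TTL by one, so the sender's initial TTL is the
    smallest table default that is >= the observed value."""
    for default in sorted(DEFAULT_TTLS):
        if observed <= default:
            return default
    return None  # observed > 255 cannot occur in a valid IP packet


def fingerprint(ping_output):
    """Summarize a ping run: liveness, packet statistics, and the TTL-based OS guess."""
    lines = ping_output.splitlines()
    sent = sum(1 for l in lines if REPLY_RE.search(l) or "Request timed out" in l)
    replies = [r for r in map(parse_reply, lines) if r]
    result = {"sent": sent, "received": len(replies), "alive": bool(replies),
              "initial_ttl": None, "hops": None, "os_guess": None}
    if replies:
        ttl = replies[0]["ttl"]
        initial = guess_initial_ttl(ttl)
        result.update(initial_ttl=initial, hops=initial - ttl,
                      os_guess=DEFAULT_TTLS[initial],
                      rtt_ms=[r["rtt_ms"] for r in replies])
    return result


# Constructed samples (not real captures).
SAMPLE_WINDOWS = """Pinging 192.168.245.130 with 32 bytes of data:
Reply from 192.168.245.130: bytes=32 time=10ms TTL=128
Reply from 192.168.245.130: bytes=32 time<1ms TTL=128
Reply from 192.168.245.130: bytes=32 time<1ms TTL=128
Reply from 192.168.245.130: bytes=32 time<1ms TTL=128
"""

SAMPLE_REMOTE_UNIX = """Pinging 10.20.30.40 with 32 bytes of data:
Reply from 10.20.30.40: bytes=32 time=41ms TTL=53
Request timed out.
Reply from 10.20.30.40: bytes=32 time=44ms TTL=53
Reply from 10.20.30.40: bytes=32 time=40ms TTL=53
"""

SAMPLE_SILENT = """Pinging 192.168.245.130 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_REMOTE_UNIX, SAMPLE_SILENT):
        print(fingerprint(sample))
```

A reply with TTL=53 is reported as an initial TTL of 64 reached over 11 hops, which is the usual reading of a remote UNIX-like host; a TTL of 128 from a host on the same LAN gives 0 hops. Remember the two caveats from the text: an administrator who has changed the default TTL will mislead this guess, and a silent host only tells you that ICMP echo was not answered.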